package com.security.config;

import com.security.frame.core.authentication.AuthorizeConfigProvider;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

/**
 * todo
 *
 * @author wangjie
 * @version V1.0
 * @date 2019/12/11
 */
@Component
@Order(Integer.MAX_VALUE)
public class MyAuthorizeConfigProvider implements AuthorizeConfigProvider {
    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
        registry.antMatchers(
                "/css/*",
                "/img/*",
                "/fonts/*").permitAll()
                .antMatchers(HttpMethod.GET,"/user/*").hasRole("ADMIN");
                //.anyRequest().access("@rbacService.haspermission(request, authentication)");
    }
}
